I'm testing with certmonger 0.78.6 (patched for the GETCACertChain bug) against 
two EJBCA servers. For verification I a use a second SCEP client called jSCEP.

I started certmonger in debug mode with  
"/usr/libexec/certmonger/certmonger-session -n -d 15"

The CA file in /root/.config/certmonger/cas  looks like this:

id=Test_Sweden
ca_aka=SCEP (certmonger 0.78.6)
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=/usr/libexec/certmonger/scep-submit -u 
http://ejbca-test2.primekey.se:8080/ejbca/publicweb/apply/scep/mxratest/pkiclient.exe
 -i "mx_kd3"
ca_capabilities=POSTPKIOperation,Renewal,SHA-1
scep_ca_identifier=iCOM Kunde1 Schweden
ca_encryption_cert=-----BEGIN CERTIFICATE-----
<bla>
-----END CERTIFICATE-----
ca_encryption_issuer_cert=-----BEGIN CERTIFICATE-----
<bla>
-----END CERTIFICATE-----



Issuing the request

"getcert request -c Test_Sweden -v -d /tmp/nssdb -g 2048 -I husky201 -p 
/tmp/pwd.txt -n husky201 -L abcd -N CN='husky201' -s"

gives this log:

2016-08-22 10:31:13 [22931] Handling D-Bus traffic (Read) on FD 8 for 
0x7fbe6b0c02e0.
2016-08-22 10:31:13 [22931] message 
0x7fbe6b0c02e0(method_call)->org.fedorahosted.certmonger:/org/fedorahosted/certmonger:org.fedorahosted.certmonger.add_request
2016-08-22 10:31:13 [22931] Pending GetConnectionUnixUser serial 135
2016-08-22 10:31:13 [22931] Pending GetConnectionUnixProcessID serial 136
2016-08-22 10:31:13 [22931] Queuing FD 8 for Read for 
0x7fbe6b0c02e0:0x7fbe6b0aa690.
2016-08-22 10:31:13 [22931] Dequeuing FD 8 for Read for 
0x7fbe6b0c02e0:0x7fbe6b0aa690.
2016-08-22 10:31:13 [22931] Handling D-Bus traffic (Read) on FD 8 for 
0x7fbe6b0c02e0.
2016-08-22 10:31:13 [22931] message 0x7fbe6b0c02e0(method_return)->135->73
2016-08-22 10:31:13 [22931] message 0x7fbe6b0c02e0(method_return)->136->74
2016-08-22 10:31:13 [22931] User ID 0 PID 23133 called 
/org/fedorahosted/certmonger:org.fedorahosted.certmonger.add_request.
2016-08-22 10:31:13 [23135] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:31:13 [23135] Not attempting to set NSS FIPS mode.
2016-08-22 10:31:13 [23135] Skipping NSS internal slot (NSS Generic Crypto 
Services).
2016-08-22 10:31:13 [23135] Found token 'NSS Certificate DB'.
2016-08-22 10:31:13 [23135] Located the key 'husky201'.
2016-08-22 10:31:13 [23135] Converted private key 'husky201' to public key.
2016-08-22 10:31:13 [23135] Key is an RSA key.
2016-08-22 10:31:13 [23135] Key size is 2048.
2016-08-22 10:31:13 [23136] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:31:13 [23136] Not attempting to set NSS FIPS mode.
2016-08-22 10:31:13 [23136] Found token 'NSS Generic Crypto Services'.
2016-08-22 10:31:13 [23136] Cert storage slot still needs user PIN to be set.
2016-08-22 10:31:13 [23136] Found token 'NSS Certificate DB'.
2016-08-22 10:31:13 [23136] Error locating certificate.
2016-08-22 10:31:13 [22931] Request7('husky201') starts in state 'NEWLY_ADDED'
2016-08-22 10:31:13 [22931] Request7('husky201') taking writing lock
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 
'NEWLY_ADDED_START_READING_KEYINFO'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') now.
2016-08-22 10:31:13 [22931] Started Request7('husky201').
2016-08-22 10:31:13 [22931] Queuing FD 8 for Read for 
0x7fbe6b0c02e0:0x7fbe6b09b4e0.
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 
'NEWLY_ADDED_READING_KEYINFO'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') on traffic from 
11.
2016-08-22 10:31:13 [22931] Dequeuing FD 8 for Read for 
0x7fbe6b0c02e0:0x7fbe6b09b4e0.
2016-08-22 10:31:13 [22931] Handling D-Bus traffic (Read) on FD 8 for 
0x7fbe6b0c02e0.
2016-08-22 10:31:13 [22931] message 
0x7fbe6b0c02e0(method_call)->org.fedorahosted.certmonger:/org/fedorahosted/certmonger/requests/Request7:org.fedorahosted.certmonger.request.get_nickname
2016-08-22 10:31:13 [22931] Pending GetConnectionUnixUser serial 140
2016-08-22 10:31:13 [22931] Pending GetConnectionUnixProcessID serial 141
2016-08-22 10:31:13 [22931] Queuing FD 8 for Read for 
0x7fbe6b0c02e0:0x7fbe6b0ae0a0.
2016-08-22 10:31:13 [22931] Dequeuing FD 8 for Read for 
0x7fbe6b0c02e0:0x7fbe6b0ae0a0.
2016-08-22 10:31:13 [22931] Handling D-Bus traffic (Read) on FD 8 for 
0x7fbe6b0c02e0.
2016-08-22 10:31:13 [22931] message 0x7fbe6b0c02e0(method_return)->140->75
2016-08-22 10:31:13 [22931] message 0x7fbe6b0c02e0(method_return)->141->76
2016-08-22 10:31:13 [22931] User ID 0 PID 23133 called 
/org/fedorahosted/certmonger/requests/Request7:org.fedorahosted.certmonger.request.get_nickname.
2016-08-22 10:31:13 [22931] Queuing FD 8 for Read for 
0x7fbe6b0c02e0:0x7fbe6b09b4e0.
2016-08-22 10:31:13 [23137] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:31:13 [23137] Not attempting to set NSS FIPS mode.
2016-08-22 10:31:13 [23137] Skipping NSS internal slot (NSS Generic Crypto 
Services).
2016-08-22 10:31:13 [23137] Found token 'NSS Certificate DB'.
2016-08-22 10:31:13 [23137] Located the key 'husky201'.
2016-08-22 10:31:13 [23137] Converted private key 'husky201' to public key.
2016-08-22 10:31:13 [23137] Key is an RSA key.
2016-08-22 10:31:13 [23137] Key size is 2048.
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 
'NEWLY_ADDED_START_READING_CERT'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') now.
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 
'NEWLY_ADDED_READING_CERT'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') on traffic from 
11.
2016-08-22 10:31:13 [23138] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:31:13 [23138] Not attempting to set NSS FIPS mode.
2016-08-22 10:31:13 [23138] Found token 'NSS Generic Crypto Services'.
2016-08-22 10:31:13 [23138] Cert storage slot still needs user PIN to be set.
2016-08-22 10:31:13 [23138] Found token 'NSS Certificate DB'.
2016-08-22 10:31:13 [23138] Error locating certificate.
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 
'NEWLY_ADDED_DECIDING'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') now.
2016-08-22 10:31:13 [22931] Request7('husky201') releasing writing lock
2016-08-22 10:31:13 [22931] Request7('husky201') has no certificate, will 
attempt enrollment using already-present key
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 'NEED_CSR'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') now.
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 'GENERATING_CSR'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') on traffic from 
11.
2016-08-22 10:31:13 [23139] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:31:13 [23139] Not attempting to set NSS FIPS mode.
2016-08-22 10:31:13 [23139] Skipping NSS internal slot (NSS Generic Crypto 
Services).
2016-08-22 10:31:13 [23139] Found token 'NSS Certificate DB'.
2016-08-22 10:31:13 [23139] Located the key 'husky201'.
2016-08-22 10:31:13 [23139] Converted private key 'husky201' to public key.
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 'HAVE_CSR'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') now.
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 'NEED_TO_SUBMIT'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') now.
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 'SUBMITTING'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') on traffic from 
15.
2016-08-22 10:31:13 [22931] Certificate submission attempt complete.
2016-08-22 10:31:13 [22931] Child status = 16.
2016-08-22 10:31:13 [22931] Child output:

"Error reading request, expected PKCS7 data.
"
2016-08-22 10:31:13 [22931] Error reading request, expected PKCS7 data.
2016-08-22 10:31:13 [22931] Certificate not (yet?) issued.
2016-08-22 10:31:13 [22931] Request7('husky201') goes to a CA over SCEP, need 
to generate SCEP data.
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 'NEED_SCEP_DATA'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') now.
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 
'GENERATING_SCEP_DATA'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') on traffic from 
11.
2016-08-22 10:31:13 [23141] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:31:13 [23141] Not attempting to set NSS FIPS mode.
2016-08-22 10:31:13 [23141] Generating dummy key.
2016-08-22 10:31:13 [23141] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:31:13 [23141] Not attempting to set NSS FIPS mode.
2016-08-22 10:31:13 [23141] Skipping NSS internal slot (NSS Generic Crypto 
Services).
2016-08-22 10:31:13 [23141] Found token 'NSS Certificate DB'.
2016-08-22 10:31:13 [23141] Located the key 'husky201'.
2016-08-22 10:31:13 [23141] Converted private key 'husky201' to public key.
2016-08-22 10:31:13 [23141] Server does not support DES3, using DES.
2016-08-22 10:31:13 [23141] Server does not support better digests, using MD5.
2016-08-22 10:31:13 [23141] Generating PKCSREQ pkiMessage.
2016-08-22 10:31:13 [23141] Setting transaction ID 
"46763632748922674693649122043315271915873922247404248201497767686509312971065".
2016-08-22 10:31:13 [23141] Setting message type "19".
2016-08-22 10:31:13 [23141] Setting sender nonce.
2016-08-22 10:31:13 [23141] Signed data.
2016-08-22 10:31:13 [23141] Generating GetCertInitial pkiMessage.
2016-08-22 10:31:13 [23141] Setting transaction ID 
"46763632748922674693649122043315271915873922247404248201497767686509312971065".
2016-08-22 10:31:13 [23141] Setting message type "20".
2016-08-22 10:31:13 [23141] Setting sender nonce.
2016-08-22 10:31:13 [23141] Signed data.
2016-08-22 10:31:13 [23141] Signing using old key.
2016-08-22 10:31:13 [23141] Re-signing PKCSREQ message with old key.
2016-08-22 10:31:13 [23141] Re-signing GetCertInitial message with old key.
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 'HAVE_SCEP_DATA'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') now.
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 'NEED_TO_SUBMIT'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') now.
2016-08-22 10:31:13 [22931] Request7('husky201') moved to state 'SUBMITTING'
2016-08-22 10:31:13 [22931] Will revisit Request7('husky201') on traffic from 
15.
2016-08-22 10:31:15 [22931] Certificate submission attempt complete.
2016-08-22 10:31:15 [22931] Child status = 3.
2016-08-22 10:31:15 [22931] Child output:
"Error: failed to verify signature on server response.
"
2016-08-22 10:31:15 [22931] Error: failed to verify signature on server 
response.
2016-08-22 10:31:15 [22931] Certificate not (yet?) issued.
2016-08-22 10:31:15 [22931] Request7('husky201') moved to state 'CA_UNREACHABLE'
2016-08-22 10:31:15 [22931] Will revisit Request7('husky201') in 604800 seconds.

I recorded the client server communication and can clearly see that the server 
transmitted the certificate.

When using jSCEP client I can successfully download certificates from that 
server with  e.g.

$ openssl req -key test.key -new -days 30 -out test.pemreq -outform PEM # end 
entity set to mx_pre2

$ java -jar target/jscepcli-1.0-SNAPSHOT-exe.jar --ca-identifier mx_kd3 
--challenge abcd --csr-file test.pemreq --dn "CN=mx_pre2" --key-file test.key \
--url 
http://ejbca-test2.primekey.se:8080/ejbca/publicweb/apply/scep/mxratest/pkiclient.exe



With certmonger I can successfully get a cert using another CA with an internal 
EJBCA server and this request:

"getcert request -c Test_Sweden -v -d /tmp/nssdb -g 2048 -I husky100 -p 
/tmp/pwd.txt -n husky100 -L abcd -N CN='husky100' -s"


id=KBCA
ca_aka=SCEP (certmonger 0.78.6)
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=/usr/libexec/certmonger/scep-submit -u 
http://mucs70202.corp.knorr-bremse.com:8080/ejbca/publicweb/apply/scep/pkiclient.exe
 -i "iCOM%20Kunde1%20Dev%20SubCA"
ca_capabilities=POSTPKIOperation,Renewal,SHA-1
scep_ca_identifier=KBCA
ca_encryption_cert=-----BEGIN CERTIFICATE-----
<bla>
-----END CERTIFICATE-----
ca_encryption_issuer_cert=-----BEGIN CERTIFICATE-----
<bla>
-----END CERTIFICATE-----
ca_encryption_cert_pool=-----BEGIN CERTIFICATE-----
<bla>
-----END CERTIFICATE-----



2016-08-22 10:05:24 [21621] User ID 0 PID 22278 called 
/org/fedorahosted/certmonger:org.fedorahosted.certmonger.add_request.
2016-08-22 10:05:24 [22280] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:05:24 [22280] Not attempting to set NSS FIPS mode.
2016-08-22 10:05:24 [22280] Skipping NSS internal slot (NSS Generic Crypto 
Services).
2016-08-22 10:05:24 [22280] Found token 'NSS Certificate DB'.
2016-08-22 10:05:24 [22280] Error locating a key.
2016-08-22 10:05:24 [22281] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:05:24 [22281] Not attempting to set NSS FIPS mode.
2016-08-22 10:05:24 [22281] Found token 'NSS Generic Crypto Services'.
2016-08-22 10:05:24 [22281] Cert storage slot still needs user PIN to be set.
2016-08-22 10:05:24 [22281] Found token 'NSS Certificate DB'.
2016-08-22 10:05:24 [22281] Error locating certificate.
2016-08-22 10:05:24 [21621] Request2('husky100') starts in state 'NEWLY_ADDED'
2016-08-22 10:05:24 [21621] Request2('husky100') taking writing lock
2016-08-22 10:05:24 [21621] Request2('husky100') moved to state 
'NEWLY_ADDED_START_READING_KEYINFO'
2016-08-22 10:05:24 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:24 [21621] Started Request2('husky100').
2016-08-22 10:05:24 [21621] Queuing FD 8 for Read for 
0x7fdf7bf25630:0x7fdf7bf33720.
2016-08-22 10:05:24 [21621] Request2('husky100') moved to state 
'NEWLY_ADDED_READING_KEYINFO'
2016-08-22 10:05:24 [21621] Will revisit Request2('husky100') on traffic from 
11.
2016-08-22 10:05:24 [21621] Dequeuing FD 8 for Read for 
0x7fdf7bf25630:0x7fdf7bf33720.
2016-08-22 10:05:24 [21621] Handling D-Bus traffic (Read) on FD 8 for 
0x7fdf7bf25630.
2016-08-22 10:05:24 [21621] message 
0x7fdf7bf25630(method_call)->org.fedorahosted.certmonger:/org/fedorahosted/certmonger/requests/Request2:org.fedorahosted.certmonger.request.get_nickname
2016-08-22 10:05:24 [21621] Pending GetConnectionUnixUser serial 1227
2016-08-22 10:05:24 [21621] Pending GetConnectionUnixProcessID serial 1228
2016-08-22 10:05:24 [21621] Queuing FD 8 for Read for 
0x7fdf7bf25630:0x7fdf7bf2bc00.
2016-08-22 10:05:24 [21621] Dequeuing FD 8 for Read for 
0x7fdf7bf25630:0x7fdf7bf2bc00.
2016-08-22 10:05:24 [21621] Handling D-Bus traffic (Read) on FD 8 for 
0x7fdf7bf25630.
2016-08-22 10:05:24 [21621] message 0x7fdf7bf25630(method_return)->1227->819
2016-08-22 10:05:24 [21621] message 0x7fdf7bf25630(method_return)->1228->820
2016-08-22 10:05:24 [21621] User ID 0 PID 22278 called 
/org/fedorahosted/certmonger/requests/Request2:org.fedorahosted.certmonger.request.get_nickname.
2016-08-22 10:05:24 [21621] Queuing FD 8 for Read for 
0x7fdf7bf25630:0x7fdf7bf33720.
2016-08-22 10:05:24 [22282] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:05:24 [22282] Not attempting to set NSS FIPS mode.
2016-08-22 10:05:24 [22282] Skipping NSS internal slot (NSS Generic Crypto 
Services).
2016-08-22 10:05:24 [22282] Found token 'NSS Certificate DB'.
2016-08-22 10:05:24 [22282] Error locating a key.
2016-08-22 10:05:24 [21621] Request2('husky100') moved to state 
'NEWLY_ADDED_START_READING_CERT'
2016-08-22 10:05:24 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:24 [21621] Request2('husky100') moved to state 
'NEWLY_ADDED_READING_CERT'
2016-08-22 10:05:24 [21621] Will revisit Request2('husky100') on traffic from 
11.
2016-08-22 10:05:25 [22283] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:05:25 [22283] Not attempting to set NSS FIPS mode.
2016-08-22 10:05:25 [22283] Found token 'NSS Generic Crypto Services'.
2016-08-22 10:05:25 [22283] Cert storage slot still needs user PIN to be set.
2016-08-22 10:05:25 [22283] Found token 'NSS Certificate DB'.
2016-08-22 10:05:25 [22283] Error locating certificate.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 
'NEWLY_ADDED_DECIDING'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:25 [21621] Request2('husky100') releasing writing lock
2016-08-22 10:05:25 [21621] Request2('husky100') has no key or certificate, 
will generate keys and attempt enrollment
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 'NEED_KEY_PAIR'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:25 [21621] Request2('husky100') taking writing lock
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 
'GENERATING_KEY_PAIR'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') on traffic from 
11.
2016-08-22 10:05:25 [22284] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:05:25 [22284] Not attempting to set NSS FIPS mode.
2016-08-22 10:05:25 [22284] Found token 'NSS Certificate DB'.
2016-08-22 10:05:25 [22284] Generating key pair.
2016-08-22 10:05:25 [22284] Nickname "husky100" appears to be unused.
2016-08-22 10:05:25 [22284] Set nickname "husky100" on private key.
2016-08-22 10:05:25 [21621] Request2('husky100') releasing writing lock
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 'HAVE_KEY_PAIR'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 'NEED_KEYINFO'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 
'READING_KEYINFO'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') on traffic from 
11.
2016-08-22 10:05:25 [22285] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:05:25 [22285] Not attempting to set NSS FIPS mode.
2016-08-22 10:05:25 [22285] Skipping NSS internal slot (NSS Generic Crypto 
Services).
2016-08-22 10:05:25 [22285] Found token 'NSS Certificate DB'.
2016-08-22 10:05:25 [22285] Located the key 'husky100'.
2016-08-22 10:05:25 [22285] Converted private key 'husky100' to public key.
2016-08-22 10:05:25 [22285] Key is an RSA key.
2016-08-22 10:05:25 [22285] Key size is 2048.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 'HAVE_KEYINFO'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 'NEED_CSR'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 'GENERATING_CSR'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') on traffic from 
11.
2016-08-22 10:05:25 [22286] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:05:25 [22286] Not attempting to set NSS FIPS mode.
2016-08-22 10:05:25 [22286] Skipping NSS internal slot (NSS Generic Crypto 
Services).
2016-08-22 10:05:25 [22286] Found token 'NSS Certificate DB'.
2016-08-22 10:05:25 [22286] Located the key 'husky100'.
2016-08-22 10:05:25 [22286] Converted private key 'husky100' to public key.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 'HAVE_CSR'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 'NEED_TO_SUBMIT'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 'SUBMITTING'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') on traffic from 
15.
2016-08-22 10:05:25 [21621] Certificate submission attempt complete.
2016-08-22 10:05:25 [21621] Child status = 16.
2016-08-22 10:05:25 [21621] Child output:
"Error reading request, expected PKCS7 data.
"
2016-08-22 10:05:25 [21621] Error reading request, expected PKCS7 data.
2016-08-22 10:05:25 [21621] Certificate not (yet?) issued.
2016-08-22 10:05:25 [21621] Request2('husky100') goes to a CA over SCEP, need 
to generate SCEP data.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 'NEED_SCEP_DATA'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 
'GENERATING_SCEP_DATA'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') on traffic from 
11.
2016-08-22 10:05:25 [22288] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:05:25 [22288] Not attempting to set NSS FIPS mode.
2016-08-22 10:05:25 [22288] Generating dummy key.
2016-08-22 10:05:25 [22288] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:05:25 [22288] Not attempting to set NSS FIPS mode.
2016-08-22 10:05:25 [22288] Skipping NSS internal slot (NSS Generic Crypto 
Services).
2016-08-22 10:05:25 [22288] Found token 'NSS Certificate DB'.
2016-08-22 10:05:25 [22288] Located the key 'husky100'.
2016-08-22 10:05:25 [22288] Converted private key 'husky100' to public key.
2016-08-22 10:05:25 [22288] Server does not support DES3, using DES.
2016-08-22 10:05:25 [22288] Server does not support better digests, using MD5.
2016-08-22 10:05:25 [22288] Generating PKCSREQ pkiMessage.
2016-08-22 10:05:25 [22288] Setting transaction ID 
"89399340103492129363376569585892061602695437784280139265051808388486717974760".
2016-08-22 10:05:25 [22288] Setting message type "19".
2016-08-22 10:05:25 [22288] Setting sender nonce.
2016-08-22 10:05:25 [22288] Signed data.
2016-08-22 10:05:25 [22288] Generating GetCertInitial pkiMessage.
2016-08-22 10:05:25 [22288] Setting transaction ID 
"89399340103492129363376569585892061602695437784280139265051808388486717974760".
2016-08-22 10:05:25 [22288] Setting message type "20".
2016-08-22 10:05:25 [22288] Setting sender nonce.
2016-08-22 10:05:25 [22288] Signed data.
2016-08-22 10:05:25 [22288] Signing using old key.
2016-08-22 10:05:25 [22288] Re-signing PKCSREQ message with old key.
2016-08-22 10:05:25 [22288] Re-signing GetCertInitial message with old key.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 'HAVE_SCEP_DATA'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 'NEED_TO_SUBMIT'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:25 [21621] Request2('husky100') moved to state 'SUBMITTING'
2016-08-22 10:05:25 [21621] Will revisit Request2('husky100') on traffic from 
15.
2016-08-22 10:05:26 [21621] Certificate submission attempt complete.
2016-08-22 10:05:26 [21621] Child status = 0.
2016-08-22 10:05:26 [21621] Child output:
"-----BEGIN PKCS7-----
MIAGCSqGSIb3DQEHA6CAMIACAQAxggFUMIIBUAIBADA4MBMxETAPBgNVBAMTCGh1
c2t5MTAwAiEAxaY7vcruKj5BOCTGw5wQBTpMC0GpLQ5rQJvfM6bjKOgwDQYJKoZI
hvcNAQEBBQAEggEAF8VwCqiExnQyPQvdPV8vYFIvV0OGJ5AuyurIQQ0y3zeb6Jjc
h4j6LilwV0BnUjdH9G2t4gGWUbbUVxciaXy0lgcZnO7C39ptc8tPfcfnD5gwRXdj
jLjWTRa6IBhBvgZS6/tQ1uiWXygSnTVl9renZSBixKrnUSaRO5vHl4IsMWp4J8/p
39DY2zncvP/oq4bMKe5priZEjgbZkgFI9IuleQM80pzTHayWlChx2M5Cg5pDrBLc
k0lZeVLQ6Vg5V3yRGSsXNrxkexYZkRFGQkZ/6gsLmj1nPPVGjhjbtoEGtQZGpXaW
xD+nWyv2TUDge1OzIYj326scX3z3+YXcw2J23zCABgkqhkiG9w0BBwEwEQYFKw4D
AgcECJgYnlIa2DxtoIAEggNgaTC2AhLM52T8guE2jr4YTK1UlcwDpN8yRJNRyuK7
vtDjx5aPx3+qTRJAOdeulV3pYK+3dpmddJoePGFpW/MaKBgAOpZVi/gk6LxnfKG4
l+gwPR7y3EyXXCyank553tceF08lPoPMfkRCe01le5EW2PKKH9y7JeqvVkxIjhI8
vaYKmARCLAtC4fXexjnjMxFKISctLTIJqqDfCn6T7h2j61jIAB4wABmTKjh1fwp5
+bR+enbCG33KY9taeDHvgAYl0XOi8IQ370dI57I72383RCcQdAa9qdMSnhquMyZL
GS1zBnWrW9wMbMWkIRjR+1nGguS+6qBP4IekOuifoi/LHkSz/uOUuEi0cintRRy6
TsQEimydfIRfGrpcpaPCksHYUp/QZOSsQz9xAb/u6xMJMYRxKEw8q80xSniZP+dr
HwfRThoJuxZcr3bpnRuEt2fYd1MgASeNTuZyLV4UJgdAZKAid74S0oi20OTSJyJE
+GScqV/loZ4kJByE7fk3ZzCEWjOBhbzFzkoJ0vCxnRsq2eiyiTmTQvl4CM24q84f
SNvUT3UE2NryGV8DSVuyUb0HX97x8Ii0l+pcciylWWy0W5qBhVlo5ns8aDfP4xqg
blXv13hVIZPRs2KYFinK1ptOf2dBdYI8AFRx4eq85HGTd4J9yy5qIPjMfTVCNJz1
GLHFCIAQrClFehHvVrny0tO88B9/Xky9I6ReRPdz8kZ6GBCkTBS3I+4Km7uyo2Bd
XE5XlBJhaVboApZIwLNaf24eqH/L9pG6O+BhzKQEFqDYmpIzWslIsBqtMPFWD5E/
x/v8O2Pj0b+Tmkky+VYv8gdEkOy6LPX2J4YH86PljJDEoSqhmSeeVFuGCbaRa60L
NevoUzoQ3qCl/Brob7nDrOWeE1uJBWcDBs/CeFUvB0mfniIp0iDUOiTpWVm7drwv
EMObPE+5SijzwFnj5HIgSpmHZUjFR9JcRfuG6E3u7BrDl1wS6U5lfb7Oqro2T6PF
DB1+bL7NzCqF1nOYEDELOSrMxvk8/JQMxkBdrNx592FunoMEz8oAPbK5Lvt8oqE8
YcULZMb56Zp4S/L4P/8jV5KB9peXhxWhvU4qqXGeBBQSjggBxAURUZni5HaRrzv4
nUIyUuaf0fv3QY3tIi9hKaH8AAAAAAAAAAAAAA==
-----END PKCS7-----
"
2016-08-22 10:05:26 [21621] Will revisit Request2('husky100') on traffic from 
11.
2016-08-22 10:05:26 [22292] Postprocessing output "-----BEGIN PKCS7-----
MIAGCSqGSIb3DQEHA6CAMIACAQAxggFUMIIBUAIBADA4MBMxETAPBgNVBAMTCGh1
c2t5MTAwAiEAxaY7vcruKj5BOCTGw5wQBTpMC0GpLQ5rQJvfM6bjKOgwDQYJKoZI
hvcNAQEBBQAEggEAF8VwCqiExnQyPQvdPV8vYFIvV0OGJ5AuyurIQQ0y3zeb6Jjc
h4j6LilwV0BnUjdH9G2t4gGWUbbUVxciaXy0lgcZnO7C39ptc8tPfcfnD5gwRXdj
jLjWTRa6IBhBvgZS6/tQ1uiWXygSnTVl9renZSBixKrnUSaRO5vHl4IsMWp4J8/p
39DY2zncvP/oq4bMKe5priZEjgbZkgFI9IuleQM80pzTHayWlChx2M5Cg5pDrBLc
k0lZeVLQ6Vg5V3yRGSsXNrxkexYZkRFGQkZ/6gsLmj1nPPVGjhjbtoEGtQZGpXaW
xD+nWyv2TUDge1OzIYj326scX3z3+YXcw2J23zCABgkqhkiG9w0BBwEwEQYFKw4D
AgcECJgYnlIa2DxtoIAEggNgaTC2AhLM52T8guE2jr4YTK1UlcwDpN8yRJNRyuK7
vtDjx5aPx3+qTRJAOdeulV3pYK+3dpmddJoePGFpW/MaKBgAOpZVi/gk6LxnfKG4
l+gwPR7y3EyXXCyank553tceF08lPoPMfkRCe01le5EW2PKKH9y7JeqvVkxIjhI8
vaYKmARCLAtC4fXexjnjMxFKISctLTIJqqDfCn6T7h2j61jIAB4wABmTKjh1fwp5
+bR+enbCG33KY9taeDHvgAYl0XOi8IQ370dI57I72383RCcQdAa9qdMSnhquMyZL
GS1zBnWrW9wMbMWkIRjR+1nGguS+6qBP4IekOuifoi/LHkSz/uOUuEi0cintRRy6
TsQEimydfIRfGrpcpaPCksHYUp/QZOSsQz9xAb/u6xMJMYRxKEw8q80xSniZP+dr
HwfRThoJuxZcr3bpnRuEt2fYd1MgASeNTuZyLV4UJgdAZKAid74S0oi20OTSJyJE
+GScqV/loZ4kJByE7fk3ZzCEWjOBhbzFzkoJ0vCxnRsq2eiyiTmTQvl4CM24q84f
SNvUT3UE2NryGV8DSVuyUb0HX97x8Ii0l+pcciylWWy0W5qBhVlo5ns8aDfP4xqg
blXv13hVIZPRs2KYFinK1ptOf2dBdYI8AFRx4eq85HGTd4J9yy5qIPjMfTVCNJz1
GLHFCIAQrClFehHvVrny0tO88B9/Xky9I6ReRPdz8kZ6GBCkTBS3I+4Km7uyo2Bd
XE5XlBJhaVboApZIwLNaf24eqH/L9pG6O+BhzKQEFqDYmpIzWslIsBqtMPFWD5E/
x/v8O2Pj0b+Tmkky+VYv8gdEkOy6LPX2J4YH86PljJDEoSqhmSeeVFuGCbaRa60L
NevoUzoQ3qCl/Brob7nDrOWeE1uJBWcDBs/CeFUvB0mfniIp0iDUOiTpWVm7drwv
EMObPE+5SijzwFnj5HIgSpmHZUjFR9JcRfuG6E3u7BrDl1wS6U5lfb7Oqro2T6PF
DB1+bL7NzCqF1nOYEDELOSrMxvk8/JQMxkBdrNx592FunoMEz8oAPbK5Lvt8oqE8
YcULZMb56Zp4S/L4P/8jV5KB9peXhxWhvU4qqXGeBBQSjggBxAURUZni5HaRrzv4
nUIyUuaf0fv3QY3tIi9hKaH8AAAAAAAAAAAAAA==
-----END PKCS7-----
".
2016-08-22 10:05:26 [22292] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:05:26 [22292] Not attempting to set NSS FIPS mode.
2016-08-22 10:05:26 [22292] Skipping NSS internal slot (NSS Generic Crypto 
Services).
2016-08-22 10:05:26 [22292] Found token 'NSS Certificate DB'.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] error:0D0680A8:asn1 encoding 
routines:ASN1_CHECK_TLEN:wrong tag
2016-08-22 10:05:26 [22292] error:0D07803A:asn1 encoding 
routines:ASN1_ITEM_EX_D2I:nested asn1 error
2016-08-22 10:05:26 [22292] error:0D0680A8:asn1 encoding 
routines:ASN1_CHECK_TLEN:wrong tag
2016-08-22 10:05:26 [22292] error:0D07803A:asn1 encoding 
routines:ASN1_ITEM_EX_D2I:nested asn1 error
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Error decrypting bulk key: SEC_ERROR_BAD_DATA.
2016-08-22 10:05:26 [22292] Succeeded in decrypting enveloped data.
2016-08-22 10:05:26 [22292] Succeeded in decrypting enveloped data.
2016-08-22 10:05:26 [21621] Certificate submission postprocessing complete.
2016-08-22 10:05:26 [21621] Child status = 0.
2016-08-22 10:05:26 [21621] Child output:
"{"certificate":"-----BEGIN 
CERTIFICATE-----\nMIIDKjCCAhKgAwIBAgIIBVULrGtczBowDQYJKoZIhvcNAQEFBQAwIDEeMBwGA1UE\nAwwVaUNPTSBLdW5kZTEgRGV2IFN1YkNBMB4XDTE2MDgyMjA3NTUyNloXDTI2MDYw\nOTE0MjYxMVowEzERMA8GA1UEAwwIaHVza3kxMDAwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQCwj6TZXwh2TD1UJuEc/LhjgUF91BJ4OOpjt2uOyfTsGaFO\nDykz0tEWyXRk7mkHQeqC/isVD0CYz6bhks2HwwqMAIc37eaz/uEIPQu4rz59gUMl\nVkh93YOtX2JlsQ0y0QPuwIGgb3Z1NX8MbhlE0GpLrb2vY8Y0TpBjwGpbagaMRPgz\nyP2v62jau9xn+72VTjOxNImJH/8V1UTDl1gt0lR2XH5dMeo+weVW8ZUvgDykhQDj\nq4V/trRW+556owhPv2ALBpuubp99d2rfPSdWnLg7JCtpIEIGq9KcEIfV1Bq/d4zb\n3PVrb1xZIb2vCOYyijUr8OCpgMslTM1WiKdIw9GTAgMBAAGjdTBzMAwGA1UdEwEB\n/wQCMAAwHwYDVR0jBBgwFoAUp+pgIuSdJoXPRmZ6unXbKtfB2NowEwYDVR0lBAww\nCgYIKwYBBQUHAwIwHQYDVR0OBBYEFCKFlaNB18Tf7Njwy/8I1aDPge3DMA4GA1Ud\nDwEB/wQEAwIFoDANBgkqhkiG9w0BAQUFAAOCAQEAho5avfYElYPaUxr9diXxG4aA\nVijNIiGXa6FmOwmMmR2h2UUqn11doNbkR+Zv4FFjMqdlWQh4aMLhn6Z0+ahSx3NY\nHG0saJfV88loRb+zC03yOyPIjEmFo4d2Vc+CsXAQ49ElHVKjqqC3JaMrma/EfMQ2\nW6Sc8x55smgPXjPLf8VytHdjH/ZeCDFbBYqs8CS0JbjP2UppEjwWAv4r8QH8VWuz\n97kxRpXFVTXb/gJUCxNqJRCU1aFTfO1L6x9BzfVKJX73nyAuQmZ+090PJIFCTTx/\nexdeoX0EBPeGmV7XjAO5GqGq+P6i3oeJ/Z8Kvug0XzlUSc55SMbc+z2B07GVIA==\n-----END
 CERTIFICATE-----\n","key_checked":true}
"
2016-08-22 10:05:26 [21621] Issued certificate is "-----BEGIN CERTIFICATE-----
MIIDKjCCAhKgAwIBAgIIBVULrGtczBowDQYJKoZIhvcNAQEFBQAwIDEeMBwGA1UE
AwwVaUNPTSBLdW5kZTEgRGV2IFN1YkNBMB4XDTE2MDgyMjA3NTUyNloXDTI2MDYw
OTE0MjYxMVowEzERMA8GA1UEAwwIaHVza3kxMDAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwj6TZXwh2TD1UJuEc/LhjgUF91BJ4OOpjt2uOyfTsGaFO
Dykz0tEWyXRk7mkHQeqC/isVD0CYz6bhks2HwwqMAIc37eaz/uEIPQu4rz59gUMl
Vkh93YOtX2JlsQ0y0QPuwIGgb3Z1NX8MbhlE0GpLrb2vY8Y0TpBjwGpbagaMRPgz
yP2v62jau9xn+72VTjOxNImJH/8V1UTDl1gt0lR2XH5dMeo+weVW8ZUvgDykhQDj
q4V/trRW+556owhPv2ALBpuubp99d2rfPSdWnLg7JCtpIEIGq9KcEIfV1Bq/d4zb
3PVrb1xZIb2vCOYyijUr8OCpgMslTM1WiKdIw9GTAgMBAAGjdTBzMAwGA1UdEwEB
/wQCMAAwHwYDVR0jBBgwFoAUp+pgIuSdJoXPRmZ6unXbKtfB2NowEwYDVR0lBAww
CgYIKwYBBQUHAwIwHQYDVR0OBBYEFCKFlaNB18Tf7Njwy/8I1aDPge3DMA4GA1Ud
DwEB/wQEAwIFoDANBgkqhkiG9w0BAQUFAAOCAQEAho5avfYElYPaUxr9diXxG4aA
VijNIiGXa6FmOwmMmR2h2UUqn11doNbkR+Zv4FFjMqdlWQh4aMLhn6Z0+ahSx3NY
HG0saJfV88loRb+zC03yOyPIjEmFo4d2Vc+CsXAQ49ElHVKjqqC3JaMrma/EfMQ2
W6Sc8x55smgPXjPLf8VytHdjH/ZeCDFbBYqs8CS0JbjP2UppEjwWAv4r8QH8VWuz
97kxRpXFVTXb/gJUCxNqJRCU1aFTfO1L6x9BzfVKJX73nyAuQmZ+090PJIFCTTx/
exdeoX0EBPeGmV7XjAO5GqGq+P6i3oeJ/Z8Kvug0XzlUSc55SMbc+z2B07GVIA==
-----END CERTIFICATE-----
".
2016-08-22 10:05:26 [21621] Certificate issued (0 chain certificates, 0 roots).
2016-08-22 10:05:26 [21621] Request2('husky100') moved to state 
'NEED_TO_SAVE_CERT'
2016-08-22 10:05:26 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:26 [21621] Request2('husky100') taking writing lock
2016-08-22 10:05:26 [21621] No hooks set for pre-save command.
2016-08-22 10:05:26 [21621] Request2('husky100') moved to state 
'START_SAVING_CERT'
2016-08-22 10:05:26 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:26 [21621] Request2('husky100') moved to state 'SAVING_CERT'
2016-08-22 10:05:26 [21621] Will revisit Request2('husky100') on traffic from 
11.
2016-08-22 10:05:26 [22293] No duplicate nickname entries.
2016-08-22 10:05:26 [22293] No duplicate subject name entries.
2016-08-22 10:05:26 [22293] Imported certificate "husky100", got nickname 
"husky100".
2016-08-22 10:05:26 [22293] Removed name from old key.
2016-08-22 10:05:26 [22293] Error shutting down NSS.
2016-08-22 10:05:26 [21621] Request2('husky100') moved to state 'SAVED_CERT'
2016-08-22 10:05:26 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:26 [21621] Request2('husky100') moved to state 
'NEED_TO_SAVE_CA_CERTS'
2016-08-22 10:05:26 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:26 [21621] Request2('husky100') moved to state 
'START_SAVING_CA_CERTS'
2016-08-22 10:05:26 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:26 [21621] Request2('husky100') moved to state 
'SAVING_CA_CERTS'
2016-08-22 10:05:26 [21621] Will revisit Request2('husky100') on traffic from 
11.
2016-08-22 10:05:26 [21621] Request2('husky100') moved to state 
'NEED_TO_READ_CERT'
2016-08-22 10:05:26 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:26 [21621] Request2('husky100') moved to state 'READING_CERT'
2016-08-22 10:05:26 [21621] Will revisit Request2('husky100') on traffic from 
11.
2016-08-22 10:05:26 [22295] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:05:26 [22295] Not attempting to set NSS FIPS mode.
2016-08-22 10:05:26 [22295] Found token 'NSS Generic Crypto Services'.
2016-08-22 10:05:26 [22295] Cert storage slot still needs user PIN to be set.
2016-08-22 10:05:26 [22295] Found token 'NSS Certificate DB'.
2016-08-22 10:05:26 [22295] Located the certificate "husky100".
2016-08-22 10:05:26 [22295] Read value "0" from "/proc/sys/crypto/fips_enabled".
2016-08-22 10:05:26 [22295] Not attempting to set NSS FIPS mode.
2016-08-22 10:05:26 [21621] No hooks set for post-save command.
2016-08-22 10:05:26 [21621] Request2('husky100') moved to state 
'NEED_TO_NOTIFY_ISSUED_SAVED'
2016-08-22 10:05:26 [21621] Will revisit Request2('husky100') now.
2016-08-22 10:05:26 [21621] Request2('husky100') releasing writing lock
2016-08-22 10:05:26 [21621] Request2('husky100') moved to state 
'NOTIFYING_ISSUED_SAVED'
2016-08-22 10:05:26 [21621] Will revisit Request2('husky100') on traffic from 
11.
2016-08-22 10:05:26 [22296] 0x1d Certificate named "husky100" in token "NSS 
Certificate DB" in database "/tmp/nssdb" issued by CA and saved.
2016-08-22 10:05:26 [21621] Request2('husky100') moved to state 'MONITORING'
2016-08-22 10:05:26 [21621] Will revisit Request2('husky100') soon.
2016-08-22 10:05:31 [21621] Will revisit Request2('husky100') in 86400 seconds.

Besides this "Error reading request, expected PKCS7 data" which always shows up 
and "Error decrypting bulk key: SEC_ERROR_BAD_DATA" errors (?)  finally the 
cert is issued and stored into the nSS DB.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8344117917752670949 (0x73cc4309839ebae5)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=mx_kd3
        Validity
            Not Before: Aug 19 16:03:29 2016 GMT
            Not After : Aug  2 15:23:36 2017 GMT
        Subject: CN=mx_pre2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:89:01:fc:d4:a0:5c:df:8d:b6:f6:e3:49:8c:93:
                    77:7a:1e:26:34:4e:37:90:c3:6c:b0:e0:5d:a7:47:
                   8e:81:8f:d8:04:d5:c0:03:26:1a:a5:49:c8:82:98:
                    40:25:34:2e:43:c5:7d:cc:10:0e:b0:13:26:25:c0:
                    3d:87:15:fc:7f:90:6d:3d:2f:d6:ce:31:1f:af:38:
                    3f:8c:e9:fc:01:4c:a6:c5:3f:82:cb:c0:f8:8c:e7:
                    30:75:ba:68:b8:69:a6:6b:6c:04:a3:58:fb:b0:10:
                    94:4b:a2:f6:bd:24:f7:75:97:c0:f2:4e:ee:d9:df:
                    7b:61:8b:46:a9:d4:46:96:05:31:e5:60:87:3e:8d:
                    9b:8e:b2:f6:0f:03:1f:b7:49:1d:83:ec:9f:66:b1:
                    f9:76:dd:dd:c5:b6:fa:52:5f:56:ce:2e:00:87:11:
                    90:6d:ba:c3:d7:fd:19:e0:64:c1:5d:0b:62:59:ad:
                    61:80:a7:76:d4:08:39:6b:2e:6f:05:68:c9:10:b4:
                    9f:3e:b9:d0:63:9f:7d:e1:a7:74:4f:f8:f4:17:34:
                    f5:bf:ab:c6:bf:b9:48:80:59:ec:00:41:de:8b:46:
                    30:9d:8c:2b:d4:f3:2e:bd:39:e6:da:cd:d9:32:04:
                    55:04:29:26:66:0f:ac:ac:d2:bf:b1:19:56:62:0a:
                    56:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:06:53:64:27:62:69:3B:ED:79:B2:6A:D8:94:DD:EE:B6:9C:51:44
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier:
                
keyid:8C:DB:52:66:8F:60:01:FA:58:8D:82:06:01:25:9C:2C:7D:D0:A0:14

            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
    Signature Algorithm: sha1WithRSAEncryption
         45:a1:0c:9b:7b:20:31:0a:90:53:21:b8:d5:e2:05:0f:29:10:
         77:d6:3a:44:38:9d:4a:d0:19:30:99:b9:41:0e:b1:4b:0e:c2:
         35:36:ce:98:5f:0a:54:88:3b:91:d1:fb:df:e5:6f:57:f9:04:
         0d:51:bf:c5:50:c3:c6:4d:88:a0:73:31:99:63:85:69:81:66:
         93:5c:c3:bf:3f:ef:50:cc:db:de:fe:95:43:64:f0:2c:66:c1:
         f0:64:6f:8d:75:53:54:48:28:92:05:e1:21:a2:d6:fe:e3:1e:
         5a:af:87:ba:45:06:39:47:5a:b8:df:1c:d8:cc:cf:6a:4a:ac:
         08:92:7c:5b:08:9b:d5:0b:6d:49:33:c3:8f:a3:2c:50:4e:50:
         ae:d3:61:27:09:8c:de:c3:04:91:e0:f9:0e:aa:63:49:84:5e:
         cc:03:78:14:6e:cc:c3:5e:46:3b:56:6c:ae:20:7b:ce:51:8a:
         78:eb:6b:4b:80:45:45:f3:3f:14:b6:d0:6a:99:d4:46:ad:d2:
         0f:4d:99:4d:31:34:1f:4f:a3:19:92:45:8f:89:29:7e:4e:e7:
         43:b2:15:4d:df:8a:66:70:c4:5d:b0:e3:d8:13:77:c2:51:98:
         67:7d:b4:3c:95:71:54:05:06:1f:69:ae:fc:b1:00:b4:88:84:
         da:e0:85:ae
subject= /CN=mx_pre2
issuer= /CN=mx_kd3
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQH81KBc34229uNJjJN3
eh4mNE43kMNssOBdp0eOgY/YBNXAAyYapUnIgphAJTQuQ8V9zBAOsBMmJcA9hxX8
f5BtPS/WzjEfrzg/jOn8AUymxT+Cy8D4jOcwdbpouGmma2wEo1j7sBCUS6L2vST3
dZfA8k7u2d97YYtGqdRGlgUx5WCHPo2bjrL2DwMft0kdg+yfZrH5dt3dxbb6Ul9W
zi4AhxGQbbrD1/0Z4GTBXQtiWa1hgKd21Ag5ay5vBWjJELSfPrnQY5994ad0T/j0
FzT1v6vGv7lIgFnsAEHei0YwnYwr1PMuvTnm2s3ZMgRVBCkmZg+srNK/sRlWYgpW
aQIDAQAB
-----END PUBLIC KEY-----
SHA1 Fingerprint=C3:B6:32:E9:70:E8:0F:98:A5:77:8E:96:13:5B:F8:40:63:37:29:7E

So the question is why certmonger fails to verify signature on server response 
depending on which server I try.

What is included in the checks ?  hostname of clients/servers?

How can I debug this ?  I'm not an experienced C programmer and was just able 
to apply that GetCACertchain fix in scep.c and build certmonger with that.

Peter

automechanika - 13.09.-17.09.2016 - Messe Frankfurt - Hall 3.0 - Stand G98 + E91
InnoTrans - 20.09.-23.09.2016 - Messe Berlin - Hall 1.2b - Stand 104 + 210
IAA - 22.09.-29.09.2016 - Messe Hannover - Hall 17 - Stand A30 + D131

Knorr-Bremse IT-Services GmbH
Sitz: Muenchen
Geschaeftsfuehrer: Helmut Draxler (Vorsitzender), Harald Jessen, Harald 
Schneider
Registergericht Muenchen, HR B 167 268

This transmission is intended solely for the addressee and contains 
confidential information.
If you are not the intended recipient, please immediately inform the sender and 
delete the message and any attachments from your system.
Furthermore, please do not copy the message or disclose the contents to anyone 
unless agreed otherwise. To the extent permitted by law we shall in no way be 
liable for any damages, whatever their nature, arising out of transmission 
failures, viruses, external influence, delays and the like.
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to